DETAILED ACTION


Drawings 


1. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5)
because they include the following reference sign(s) not mentioned in the description:
figure 1, reference numbers 106, 115, 116, 125, and 126 do not appear. A proposed
drawing correction, corrected drawings, or amendment to the specification to add the 
reference sign(s) in the description, are required in reply to the Office action to avoid 
abandonment of the application. The objection to the drawings will not be held in 
abeyance. 


Specification

2. The disclosure is objected to because of the following informalities:

• On page 8, line 16, "Figure 2A" should be -Figure 2-

• On page 8, line 19, figure 2B does not exist, therefore this line should be deleted.

• On page 12, line 3, "communication adapter 334" should be -communication
adapter 341-.

• On page 15, line 1, "possible" should be -possibly-.

Appropriate correction is required.

Claim Rejections - 35 USC § 112 - 2nd Paragraph

3. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention.

4. Claims 8 and 15-19 are rejected under 35 U.S.C. 112, second paragraph, as
being indefinite for failing to particularly point out and distinctly claim the subject matter
which applicant regards as the invention.

Claim 8 recites the limitation "said reader" in line 8, page 17. There is insufficient 
antecedent basis for this limitation in the claim. 

Claims 15-19 are dependent upon claim 8, and therefore inherit its deficiencies. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1, 3-7, 9, 13, 24, 25, and 27 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Leppek (U.S. Patent No. 5,933,501) in view of Maillard et al. (U.S.
Patent No. 6,466,671).

Regarding claims 1 and 27, Leppek teaches [a signal-bearing medium tangibly
embodying a program of machine-readable instructions executable by a digital
processing apparatus to perform] a method for preventing counterfeiting and cloning of
smart cards, comprising: providing a smart card with a cryptographic structure for
authorizing the smart card which cannot be accessed completely by a predetermined
number of readings (abstract and col. 4, lines 8-66), wherein said cryptographic
structure can be built only by whoever emits the card or an agent thereof (col. 4, lines
33-38, the key supplies the proper sequence).

Leppek does not teach the device is a smart card. 

Maillard et al. teaches the device is a smart card (abstract). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to implement the teachings of Leppek onto a smart card, as taught 
by Maillard et al. It would have been obvious to one of ordinary skill in the art to 
implement the teachings of Leppek onto a smart card, as taught by Maillard et al.,
because smart cards are small, easy to use mediums for encryption; to provide a 
method which prevents a footprint or playback attack from being performed by an 
intruder would help spread the acceptance of smart cards used in technology (see col. 
2, lines 25-38 of Leppek). 

Regarding claim 3, the combination of Leppek in view of Maillard et al. teaches
wherein an entire process of said method is performable off-line (the Examiner takes
Official Notice that in smart card technology, comprising a reader, the transfer of
information from smart card to reader is performed off-line, meaning no network
connection is established for obtaining key information or other information needed to
authenticate the device).

Regarding claim 4, the combination of Leppek in view of Maillard et al. teaches
wherein said smart card carries thereon predetermined N channels as C1, C2, ..., CN,
where N is an integer (see fig. 2, ref. num 100 of Leppek), wherein each channel Ci,
with i equal to 1, 2, ..., N, carries a pair of numbers (hi, li), and wherein hi is the i-th high
number and li is the i-th low number (see fig. 2, ref. num 110-1 through 110-N of Leppek).

Regarding claim 5, the combination of Leppek in view of Maillard et al. teaches
further comprising:

• Using public key cryptography with associated encoding and decoding functions
Vi and Vi^-1 in each channel i,

• Wherein each function Vi^-1 is known publicly, and Vi is known only to a
predetermined party representing an owner of the smart card (see page 6, lines
1-5 of applicant's disclosure, applicant submits this information is well known as
taught by Menezes et al.).

Regarding claim 6, the combination of Leppek in view of Maillard et al. teaches:

• Wherein for each i in 1, 2, ..., N, the pair (hi, li) is such that hi = Vi(li), or hi =
Vi(K(li)), where K represents a publicly-known cryptographic hash function, and

• Wherein each li contains a plurality of symbols for redundancy (see page 6, lines
6-8 of applicant's disclosure, applicant submits this information is well known as
taught by Menezes et al.).

Regarding claim 7, the combination of Leppek in view of Maillard et al. teaches
further comprising processing, using an invertible function f which is made public, such
that the low numbers in said smart card satisfy l(i+j) = f^j(li), where f^j represents the
iteration of the function f (see col. 5, lines 19-52 of Leppek).

Regarding claim 9, the combination of Leppek in view of Maillard et al. teaches
wherein a reader obtains a content of only two of said channels (see col. 4, lines 33-42 
of Leppek, the number does not specifically state two, but is any number less than the 
total number of keys contained in the smart card). 

Regarding claim 13, the combination of Leppek in view of Maillard et al. teaches
wherein said cryptographic structure is changed periodically (see col. 1, lines 41-47 of 
Maillard et al.). 

Regarding claim 24, Leppek teaches a method of preventing counterfeiting of a
smart card, comprising: 

• Providing a smart card such that none of confidential information and a 
cryptographic key for authorizing the smart card, is carried on the smart card (col. 
4, lines 7-17); 

• Reading said card by a reader such that in each reading, said reader reads only 
a predetermined small amount of information which makes the card unique (col. 
4, lines 33-42).

Leppek does not specifically teach the device is a smart card or that a card
reader performs the reading. 

Maillard et al. teaches the device is a smart card (fig. 2, ref. num 3020) and a 
card reader performs the reading (fig. 2, ref. num 2020). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the device being a smart card and the reading is a card 
reader, as taught by Maillard et al., with the method of Leppek. It would have been
obvious to combine the device being a smart card and the reading is a card reader, as
taught by Maillard et al., with the method of Leppek because smart cards are small,
easy to use mediums for encryption and a card reader would be required to read the 
data contained on the small smart card. 

Regarding claim 25, the combination of Leppek in view of Maillard et al. teaches
wherein a transaction performed under said method comprises substantially an off-line 
transaction (the Examiner takes Official Notice that in smart card technology, 
comprising a reader, the transfer of information from smart card to reader is performed 
off-line, meaning no network connection is established for obtaining key information or 
other information needed to authenticate the device).

Claims 2, 10-12, 14, 23, and 26 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Leppek (U.S. Patent No. 5,933,501) in view of Maillard et al. (U.S.
Patent No. 6,466,671), and further in view of Perlman et al. (U.S. Patent No. 5,261,002).

Regarding claim 2, the combination of Leppek in view of Maillard et al. teaches
providing a reader for reading said smart card (fig. 2, ref. num 2020 of Maillard et al.). 
However, the combination of Leppek in view of Maillard et al. does not teach further 
comprising including a database holding information related to unauthorized smart 
cards, said reader being on-line, such that said reader is operatively connected to a 
network, only when said database of said reader is being updated by said network. 

Perlman et al. teaches further comprising including a database holding
information related to unauthorized smart cards (col. 6, lines 37-39), said reader being 
on-line, such that said reader is operatively connected to a network, only when said 
database of said reader is being updated by said network (col. 3, lines 38-40 and fig. 1, 
ref. num 24-30, the concept of the invention in Perlman et al., when applied to Leppek 
and Maillard et al., shows a receiver (reader) of a request from a potential intruder 
(smart card) performing the steps necessary to check a blacklist of already expired or 
invalid intruders (smart cards)). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine including a database of unauthorized smart cards and
periodically going online with the reader to obtain a newer list, as taught by Perlman et
al., with the method of Leppek/Maillard et al. It would have been obvious to combine
including a database of unauthorized smart cards and periodically going online with the
reader to obtain a newer list, as taught by Perlman et al., with the method of
Leppek/Maillard et al. because the off-line version of the blacklist provides a listing of all
users who are intruders; the periodic updating allows a newer list of intruders to be
known, without performing the update constantly - tying up a lot of resources.

Regarding claim 10, the combination of Leppek in view of Maillard et al. teaches
all the limitations of claim 1 above. However, the combination of Leppek/Maillard et al. 
does not teach further comprising periodically communicating, by a reader of said smart 
card, with a database where a predetermined characteristic of the card is checked. 

Perlman et al. teaches further comprising periodically communicating, by a 
reader of said smart card, with a database where a predetermined characteristic of the 
card is checked (col. 3, lines 38-40 and fig. 1, ref. num 16-18). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine periodically communicating with a database where a 
predetermined characteristic of the card is checked, as taught by Perlman et al., with
the method of Leppek/Maillard et al. It would have been obvious to combine
periodically communicating with a database, as taught by Perlman et al., with the
method of Leppek/Maillard et al. because the off-line version of the blacklist provides a
listing of all users who are intruders; the periodic updating allows a newer list of 
intruders to be known, without performing the update constantly - tying up a lot of 
resources. 

Regarding claim 11, the combination of Leppek in view of Maillard et al. and
further in view of Perlman et al. teaches wherein the predetermined characteristic 
comprises whether a smart card has delivered more than a predetermined amount of 
money to a user of the smart card (see col. 7, lines 21-23 of Perlman et al., although 
Perlman discloses the predetermined condition to be a preset time limit, other reasons 
for refusing the smart card exist, dependent on the use of the card. In this case it is 
certificates, so the time limit is a predetermined condition. In the case of a money card, 
a limit spent or received would be an obvious threshold.). 

Regarding claim 12, the combination of Leppek in view of Maillard et al. and
further in view of Perlman et al. teaches wherein if a card is detected as delivering too
much money, the database communicates a corresponding number l1 to all readers in a
network, so that smart cards carrying said corresponding number are declined (see col. 
7, lines 14-26 of Perlman et al.). 


Regarding claim 14, the combination of Leppek in view of Maillard et al. teaches
all the limitations of claim 1, above. However, the combination of Leppek in view of
Maillard et al. does not teach wherein said smartcard is invalidated after a
predetermined time of usage. 

Perlman et al. teaches wherein said smartcard is invalidated after a 
predetermined time of usage (fig. 2, ref. num 42). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine invalidating the smart card after a predetermined time 
of usage, as taught by Perlman et al., with the method of Leppek/Maillard et al. It would
have been obvious to combine invalidating the smart card after a predetermined time of
usage, as taught by Perlman et al., with the method of Leppek/Maillard et al. because
the time limit threshold provides more security by allowing only a certain time of use. 
After the time limit has expired, it would be safe to say that the user did not want to use 
the card anymore, or if the user does want to use the card, the user can renew his/her 
time for the card. 

Regarding claim 23, the combination of Leppek in view of Maillard et al. teaches
that the device is a smart card and there exists a reader for reading the smart card (see 
fig. 2, ref. num 2020 and 3020). However, the combination of Leppek in view of Maillard 
et al. does not teach further comprising: performing a final validation of the smart card 
by at least one of: contacting a central database if an entire transaction is made on-line 
with no penalty; and checking with a local database in a reader, said local database
being refreshed periodically by contact between said local database and said central
database.


Perlman et al. teaches further comprising: 
• Performing a final validation of the smart card by at least one of: contacting a 
central database if an entire transaction is made on-line with no penalty; and 
checking with a local database in a reader (col. 6, lines 37-39), 

o Said local database being refreshed periodically by contact between said 
local database and said central database (col. 3, lines 38-40 and fig. 1, 
ref. num 24-30). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the reader including a database for linking to a network 
for periodic updates, as taught by Perlman et al., with the system of Leppek/Maillard et
al. It would have been obvious to combine the reader including a database that is
periodically updated, as taught by Perlman et al., with the system of Leppek/Maillard et
al. because the off-line version of the blacklist provides a listing of all users who are
intruders; the periodic updating allows a newer list of intruders to be known, without 
performing the update constantly - tying up a lot of resources. 

Regarding claim 26, the combination of Leppek teaches a system for preventing
cloning of a smart card, comprising:

• A smart card such that a cryptographic structure for authorizing the smart card is
not carried on the smart card (col. 4, lines 7-17); and 

• Wherein said cryptographic structure is kept secret by whoever emits the card or 
an agent thereof (col. 4, lines 33-38, the key supplies the proper sequence). 

Leppek does not teach the device is a smart card or a reader for reading the 
smart card and including a database for linking to a network and being updated 
periodically with a list of unauthorized smart cards. 

Maillard et al. teaches the device is a smart card (fig. 2, ref. num 3020) and a 
reader for reading the smart card (fig. 2, ref. num 2020). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the device being a smart card and the reading is a card 
reader, as taught by Maillard et al., with the method of Leppek. It would have been
obvious to combine the device being a smart card and the reading is a card reader, as
taught by Maillard et al., with the method of Leppek because smart cards are small,
easy to use mediums for encryption and a card reader would be required to read the
data contained on the small smart card.

The combination of Leppek in view of Maillard et al. still does not teach reading
the smart card and including a database for linking to a network and being updated 
periodically with a list of unauthorized smart cards. 

Perlman et al. teaches reading the smart card and including a database for 
linking to a network and being updated periodically with a list of unauthorized smart 
cards (col. 6, lines 37-39 and col. 3, lines 38-40 and fig. 1, ref. num 24-30).

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine the reader including a database for linking to a network 
for periodic updates of unauthorized smart cards, as taught by Perlman et al., with the
system of Leppek/Maillard et al. It would have been obvious to combine the reader
including a blacklist database that is periodically updated, as taught by Perlman et al.,
with the system of Leppek/Maillard et al. because the off-line version of the blacklist 
provides a listing of all users who are intruders; the periodic updating allows a newer list 
of intruders to be known, without performing the update constantly - tying up a lot of 
resources. 


Claims 8, 15-18, and 20-22 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Leppek (U.S. Patent No. 5,933,501) in view of Maillard et al. (U.S.
Patent No. 6,466,671), and further in view of Schneier, "Applied Cryptography:
Protocols, Algorithms, and Source Code in C." Second Edition, pps. 466-474
(hereinafter referred to as Schneier). 

Regarding claim 8, the combination of Leppek in view of Maillard et al. teaches
all the limitations of claims 1 and 4-6, above. However, the combination of Leppek in
view of Maillard et al. does not teach wherein said reader includes a random number
generator, which, when a card is read, chooses a pair (a, b) of distinct numbers with a <
b between 1 and N, wherein before processing the smart card, the reader obtains the
pair (ha, la) and hb; using the public keys Va^-1 and Vb^-1, checking by the reader
whether the pairs (ha, la) and (hb, lb) are compatible, and, consequently, that the 
numbers ha, la, and hb belong to a same legitimate card. 

Schneier teaches 

• Wherein said reader includes a random number generator, which, when a card is 
read, chooses a pair (a, b) of distinct numbers with a < b between 1 and N, 
wherein before processing the smart card, the reader obtains the pair (ha, la) and 
hb (a step of an RSA algorithm, choose two prime numbers, page 467); 

• Using the public keys Va^-1 and Vb^-1, checking by the reader whether the pairs
(ha, la) and (hb, lb) are compatible, and, consequently, that the numbers ha, la, 
and hb belong to a same legitimate card (a step of an RSA algorithm, page 467).

It would have been obvious to one of ordinary skill in the art, at the time the
invention was made, to combine generating a random number in the reader, choose a
pair of distinct numbers, and using the public keys to check the compatibility of the
smart card, as taught by Schneier, to the method of Leppek/Maillard et al. It would have
been obvious to combine generating a random number in the reader, choose a pair of
distinct numbers, and using the public keys to check the compatibility of the smart card,
as taught by Schneier, to the method of Leppek/Maillard et al. because these limitations
verify a proper smart card based on the key checking, known as a digital signature. 

Regarding claim 15, the combination of Leppek as modified by Maillard et
al./Schneier teaches wherein said pairs (hi, li) to be contained on the smart card are
generated by:

• Choosing a prefix of l1 once for all transactions, or changed whenever needed,
wherein said prefix is publicly known (a step of an RSA algorithm, see page 467
of Schneier); and

• Providing a sequence, such that the sequence is generated so that a same
number is not chosen twice, and so that corresponding other li's are not chosen
as new l1's (a step of an RSA algorithm, see page 467 of Schneier).


Regarding claim 16, the combination of Leppek as modified by Maillard et
al./Schneier teaches further comprising:

• Concatenating the prefix and the sequence to form l1 (a step of an RSA
algorithm, forming the product of two primes, see page 467 of Schneier); and

• Choosing a function f which is invertible and is publicly known, to construct l2 =
f(l1), l3 = f(l2), and so forth (a step of an RSA algorithm, use Euclidean algorithm
on two primes, see page 467 of Schneier).

Regarding claim 17, the combination of Leppek as modified by Maillard et
al./Schneier teaches wherein the function f is chosen to be the identity map, in which
case l1 = l2 = l3 = ... = lN (a step of an RSA algorithm, where the message is encrypted
in blocks, where the same encryption method is used for each block, see page 467 of 
Schneier). 

Regarding claim 18, the combination of Leppek as modified by Maillard et
al./Schneier teaches choosing, for a number N, N public key-private key pairs, such that
a first private key V1 is for computing h1 = V1(l1), a second private key V2 is for
computing h2 = V2(l2), and so on (a step of an RSA algorithm, where the message is
encrypted in blocks, see page 467 of Schneier). 

Regarding claim 20, the combination of Leppek in view of Maillard et al. teaches
all the limitations of claim 1, above. However, the combination of Leppek in view of
Maillard et al. does not teach wherein, when the smart card is read by a reader, a
random generator is prompted which provides two integer numbers, a and b, which are
not between 1 and N, with a < b.

Schneier teaches wherein, when the smart card is read by a reader, a random 
generator is prompted which provides two integer numbers, a and b, which are not 
between 1 and N, with a < b (a step of an RSA algorithm, see page 467 of Schneier). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine generating a random number in the reader and choose 
a pair of distinct numbers, as taught by Schneier, to the method of Leppek/Maillard et al.
It would have been obvious to combine generating a random number in the reader and
choose a pair of distinct numbers, as taught by Schneier, to the method of
Leppek/Maillard et al. because these limitations select a public key of the reader for use 
in a public key algorithm. 

Regarding claim 21, the combination of Leppek as modified by Maillard et
al./Schneier teaches wherein said numbers a, b are transmitted to the smart card which
delivers two high numbers ha, hb, and a low number la in a channel a, and wherein the
pair (a, b), together with a function f in a memory in the reader, are used to compute the
low number lb = f^(b-a)(la), said memory in said reader delivering public keys Va^-1 and Vb^-1
(a step of an RSA algorithm, see page 467 of Schneier).


Application/Control Number: 09/685,026 Page 19 

Art Unit: 2136 

Regarding claim 22, the combination of Leppek as modified by Maillard et
al./Schneier teaches wherein the public keys are used by a comparator together with 
the pairs (ha, la) and (hb, lb), to verify that the pairs are compatible with the 
corresponding keys, and that the pairs are from a same legitimate card (a step of an 
RSA algorithm, see page 467 of Schneier). 

Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over Leppek 
(U.S. Patent No. 5,933,501) in view of Maillard et al. (U.S. Patent No. 6,466,671) and in
view of Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C."
Second Edition, pps. 466-474 (hereinafter referred to as Schneier), and further in view 
of Perlman et al. (U.S. Patent No. 5,261,002). 

Regarding claim 19, the combination of Leppek as modified by Maillard et
al./Schneier teaches further comprising: verifying whether the smart card is authentic 
(digital signature of an RSA algorithm, see page 473 of Schneier). 

The combination of Leppek as modified by Maillard et al./Schneier does not 
teach checking whether the smart card is not in a list of cards to be refused. 


Perlman et al. teaches checking whether the smart card is not in a list of cards to 
be refused (col. 6, lines 37-39).

It would have been obvious to one of ordinary skill in the art, at the time the
invention was made, to combine including a database of unauthorized smart cards, as
taught by Perlman et al., with the method of Leppek/Maillard et al./Schneier. It would
have been obvious to combine including a database of unauthorized smart cards, as
taught by Perlman et al., with the method of Leppek/Maillard et al./Schneier because
the provides a listing of all users who are intruders.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon Hoffman whose telephone number is
703-305-4662. The examiner can normally be reached on M-F 8:30 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is
703-305-3900.




BH 

3/27/04 


SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 


